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DETAILED ACTION 

1 . In response to the previous office action, Applicant has amended claims 1 , 4, 6- 
12, 15-21, 24, 26-29, 32-36, and 40. Claims 1-40 have been examined. 

2. Examination of the instant application has been reassigned to Examiner Matthew 
Heneghan. 

Claim Objections 

3. In view of Applicant's amendment, all previous claim objections are withdrawn. 

Claim Rejections - 35 USC §112 

4. In view of Applicant's amendment, all previous rejections under 35 U.S.C. 112 
are withdrawn. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 
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(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

5. Claims 1-3, 8, 10, 21-23, 27, 36, 37, 39 and 40 are rejected under 35 
U.S.C. 102(e) as being anticipated by Dulude et al., hereafter Dulude (US 6,310,966). 

Regarding claim 1, Dulude discloses a person authentication system 
comprising: 

an entity for executing person authentication (receiver station 42), 

wherein said entity acquires a template from a person identification certificate 
storing template information (biometric certificate 68) including said template and 
generated by a third-party agency (registration authority 34) serving as a person 
identification certificate authority (col. 4, lines 12-65, and col. 6, lines 32-34), and 

executes person authentication on the basis of the acquired decrypted template 
(col. 6, lines 58-65, and col. 7, lines 33-44). 

Regarding claim 2, Dulude teaches all the limitations of claim 1, and further 
teaches that the person identification certificate authority includes a digital signature 
written by said person identification certificate authority (biometric certificate 68 contains 
digital signature 22; Fig. 2; col. 4, lines 55-65). 

Regarding claim 3, Dulude teaches all the limitations of claim 1, and further 
teaches that 

said person identification certificate authority verifies the identification of a person 
requesting a person identification certificate to be issued (col. 5, lines 16-25), 



Application/Control Number: 09/944,192 Page 4 

Art Unit: 2134 

acquires a template serving as person identification data of said person 
requesting the person identification certificate to be issued (col. 4, lines 25-32), and 

generates a person identification certificate storing template information including 
said template (col. 4, lines 55-65). 

Regarding claim 6, Dulude teaches all the limitations of claim 1 , and further 
teaches that said entity is any one of a service provider which provides services to a 
user identified by said person identification certificate, a user device accessed by a user 
identified by said person identification certificate, and said person identification 
certificate authority (receiving section 42 is service provider; col. 8, lines 34-45, 
incorporating Vaeth, US 6035,402; see Vaeth, col. 6, lines 5-26). 

Regarding claim 8, Dulude teaches all the limitations of claim 1 , and further 
teaches that 

said entity is a service provider which provides services to a user identified by 
said person identification certificate (receiving section 42 is service provider; col. 8, lines 
34-45, incorporating Vaeth, US 6035,402; see Vaeth, col. 6, lines 5-26), and 

that said service provider compares a template (registration biometric data 72), 
which is acquirable from the person identification certificate acquired from said person 
identification certificate authority (col. 4, lines 55-65, and col. 6, lines 32-34), with 
sampling information provided by the user (transaction biometric data 46) and starts 
providing services with the user, provided that said template and said sampling 
information match with each other (col. 7, lines 33-67). 

Regarding claim 10, Dulude teaches all the limitations of claim 1 , and further 
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teaches that said template (registration biometric data) is composed any one of: 
biometric information of a person; non-biometric information; any combination of two or 
more of said biometric information and said non-biometric information; and a 
combination of any of said information and a password (template composed of biometric 
information; col. 4, lines 26-32 and 55-57). 

Regarding claims 21-23 and 27, these are a method version of the claimed 
system discussed above (claims 1-3 and 8, respectively), wherein all claim limitations 
have been addressed. Thus, for the reasons provided above, such claims also are 
anticipated. 

Regarding claims 36 and 37, these are an information-processing-apparatus 
version of the claimed system discussed above (claims 1 and 2), wherein all claim 
limitations have been addressed. Thus, for the reasons provided above, such claims 
also are anticipated. 

Regarding claim 39, Dulude teaches all the limitations of claim 1 , and further 
teaches that 

that said information processing apparatus compares a template (registration 
biometric data 72), which is acquirable from the person identification certificate acquired 
from said person identification certificate authority (col. 4, lines 55-65, and col. 6, lines 
32-34), with sampling information provided by the user (transaction biometric data 46) 
and starts providing services with the user, provided that said template and said 
sampling information match with each other (col. 7, lines 33-67). 
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Regarding claim 40, this is a program-providing-medium version of the claimed 
system discussed above (claim 1 ), wherein all claim limitations have been addressed. 
Thus, for the reasons provided above, such a claim also is anticipated. 

6. Claims 1, 9, 21, 24, 28, 36, 38 and 40 are rejected under 35 U.S.C. 102(e) as 

being anticipated by Bianco et al., hereafter Bianco (US 6,256,737). 

Regarding claim 1, Bianco discloses a person authentication system 
comprising: 

an entity for executing person authentication (computer 208 containing biometric 
device object 722), 

wherein said entity acquires a template from a person identification certificate 
storing template information (biometric template) including said template and generated 
by a third-party agency (biometric server 104) serving as a person identification 
certificate authority (col. 24, lines 21-31), 

All information sent from the server, including the template, is encrypted (see 
column 56, lines 62-65) and must necessarily be decrypted before being used (see 
column 55, lines 32-35) and 

executes person authentication on the basis of the acquired template (col. 24, 
lines 37-39). 

Regarding claim 9, Bianco teaches all the limitations of claim 1, and further 
teaches 
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that said entity is a user device serving as a data processing apparatus including 
data accessible by a user identified by said person identification certificate (computer 
208; col. 11, line 66, through col. 12, line 22), and 

that said user device compares a template, which is acquirable from the person 
identification certificate acquired from said person identification certificate 
authority, with sampling information provided by the user (col. 24, lines 21-43, and col. 
25, lines 31-50), 

and said user device allows the user to start accessing said user device, 
provided that said template and said sampling information match with each other (col. 
24, lines 40-56). 

Regarding claims 21, 24 and 28, these are a method version of the claimed 
system discussed above (claims 1, 4 and 9, respectively), wherein all claim limitations 
have been addressed. Thus, for the reasons provided above, such claims also are 
anticipated. 

Regarding claims 36 and 38, this is an information-processing-apparatus 
version of the claimed system discussed above (claims 1 and 4), wherein all claim 
limitations have been addressed. Thus, for the reasons provided above, such claims 
also are anticipated. 

Regarding claim 40, this is a program-providing-medium version of the claimed 
system discussed above (claim 1), wherein all claim limitations have been addressed. 
Thus, for the reasons provided above, such a claim also is anticipated. 
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Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

7. Claims 5, 7, 25 and 26 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Dulude in view of Hughes ("Digital Envelopes and Signatures," 
InstantDoc #2698, WindowslTPro, September 1996). 

Regarding claim 5, Dulude teaches all the limitations of claim 1, but does not 
explain the further limitation that said person identification certificate authority stores 
said template in said person identification certificate after encrypting said template. 

However, Hughes teaches a method for securing the transmission of a message 
wherein both the encryption of the message and the digital certificate (signature) for the 
message sender are employed concurrently for the purpose of providing both privacy 
and authentication (page 3, paragraph 5). 

Therefore, it would be obvious to a person of ordinary skill in the computer art at 
the time the invention was made to modify the system of Dulude with the teaching of 
Hughes such that said person identification certificate authority stores said template in 
said person identification certificate after encrypting said template, particularly where 
the biometric database 66 which stores the biometric certificate 68 is accessed over a 
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network connection (col. 5, lines 33-44 and col. 6, lines 32-43). One would be 
motivated to do so in order to ensure both privacy and authentication in transmission of 
the biometric certificate over a network. 

Regarding claim 7, Dulude teaches all the limitations of claim 1 , but does not 
explain the further limitation that, when transmitting said person identification certificate 
to said entity, said person identification certificate authority transmits a template which is 
stored in said person identification certificate, as an encrypted template which is 
decryptable only by said entity to which said person identification certificate is to be 
transmitted. 

However, Hughes teaches a method for securing the transmission of a message 
wherein both the encryption of the message and the digital certificate (signature) for the 
message sender are employed concurrently for the purpose of providing both privacy 
and authentication (page 3, paragraph 5), and wherein the encrypted message is 
decryptable only by the entity to which the certificate is to be transmitted (page 2, 
paragraph 2). 

Therefore, it would be obvious to a person of ordinary skill in the computer art at 
the time the invention was made to modify the system of Dulude with the teaching of 
Hughes such that, when transmitting said person identification certificate to said entity, 
said person identification certificate authority transmits a template which is stored in 
said person identification certificate, as an encrypted template which is decryptable only 
by said entity to which said person identification certificate is to be transmitted, 
particularly where the biometric database 66 which stores the biometric certificate 68 is 
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accessed over a network connection (col. 5, lines 33-44 and col. 6, lines 32-43). One 
would be motivated to do so in order to ensure both privacy and authentication in 
transmission of the biometric certificate over a network. 

Regarding claims 25 and 26, this is a method version of the claimed system 
discussed above (claims 5 and 7), wherein all claim limitations have been addressed. 
Thus, for the reasons provided above, such claims also would have been obvious. 

8. Claims 4 and 11 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Bianco in view of Diffie et al., hereafter Diffie, ("Authentication and Authenticated 
Key Exchanges," Designs, Codes and Cryptography, Kluwer Academic Publishers, 
1992). 

Regarding claim 4, Bianco teaches all the limitations of claim 1, and further 
teaches that said person identification certificate authority transmits the person 
identification certificate to said entity (col. 24, lines 21-32). 

Although Bianco teaches that the transmission of the certificate between said 
person identification certificate authority and said entity is encrypted using an 
asymmetric public key protocol (col. 55, lines 29-57, and col. 56, lines 52-65), Bianco 
does not explain that in the process of acquiring the person identification certificate from 
said person identification certificate authority, said entity performs mutual authentication 
between said entity and said person identification certificate authority, and said person 
identification certificate authority transmits the person identification certificate provided 
that said mutual authentication is successfully completed. 
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However, Diffie teaches a method of two-party mutual authentication wherein the 
parties exchange digital signatures (page 9, first paragraph) in addition to their public 
cryptographic keys for the purpose of enhancing security by assuring that each of the 
parties exchanging a public key is authentic and not an imposter (page 2, paragraph 3). 

Therefore, it would be obvious to a person of ordinary skill in the computer art at 
the time the invention was made to modify the system of Bianco with the teaching of 
Diffie such that in the process of acquiring the person identification certificate from said 
person identification certificate authority, said entity performs mutual authentication 
between said entity and said person identification certificate authority, and said person 
identification certificate authority transmits the person identification certificate provided 
that said mutual authentication is successfully completed. One would be motivated to 
do so in order to enhance network security by assuring that each of the parties 
exchanging a public key is authentic and not an imposter. 

Regarding claim 11, Bianco teaches all the limitations of claim 1, and further 
teaches 

that said entity and said person identification certificate authority have an 
encryption processing unit, respectively, (col. 56, lines 58-65). 

But Bianco does not explain that when data is transmitted between said entity 
and said person identification certificate authority, mutual authentication is performed, a 
data-transmitting party generates a digital signature and adds it to data to be 
transmitted, and a data-receiving party verifies the digital signature. 
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However, Diffie teaches a method of two-party mutual authentication wherein the 
parties exchange digital signatures (page 9, first paragraph) in addition to their public 
cryptographic keys for the purpose of enhancing security by assuring that each of the 
parties exchanging a public key is authentic and not an imposter (page 2, paragraph 3). 

Therefore, it would be obvious to a person of ordinary skill in the computer art at 
the time the invention was made to modify the system of Bianco with the teaching of 
Diffie such that when data is transmitted between said entity and said person 
identification certificate authority, mutual authentication is performed, a data-transmitting 
party generates a digital signature and adds it to data to be transmitted, and a data- 
receiving party verifies the digital signature. One would be motivated to do so in order 
to enhance network security by assuring that each of the parties exchanging a public 
key is authentic and not an imposter. 

9. Claims 12-14, 20 and 29-31 are rejected under 35 U.S.C. 103(a) as being 

unpatentable over Yu et al. al., hereafter Yu (US 5,930,804), in view of Dulude. 

Regarding claim 12, Yu discloses a person authentication system comprising: 
a person identification certificate authority (authentication center 24 containing 

biometric server 42) which acquires a template (stored biometric data), 

executes person authentication on the basis of said acquired template (col. 11, 

lines 5-13), and 

issues a verification certificate, provided that said person authentication is 
successfully passed (col. 11, lines 66-67, and col. 12, lines 33-43). 
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But Yu does not explain that the person identification certificate authority 
acquires the template from a person identification certificate storing template 
information including said template. 

However, Dulude teaches an authentication system wherein a template 
(registration biometric data 20) is stored within a person identification certificate 
(biometric certificate 68; Fig. 2; col. 4, lines 55-65; col. 5, lines 33-35) for the purpose of 
facilitating increased security and accuracy in the authentication of electronic 
transactions by binding the biometric identification of consumers with digital certificates 
(col. 3, lines 28-34). 

Therefore, it would be obvious to a person of ordinary skill in the computer art at 
the time the invention was made to modify the system of Yu with the teaching of Dulude 
such that the person identification certificate authority acquires the template from a 
person identification certificate storing template information including said template. 
One would be motivated to do so in order to facilitate increased security and accuracy in 
the authentication of electronic transactions by binding the biometric identification of 
consumers with digital certificates. 

Regarding claim 13, the modified invention of Yu and Dulude is relied upon as 
applied to claim 12, and Yu further teaches that the verification certificate issued by said 
person identification certificate authority includes a digital signature written by said 
person identification certificate authority (Yu, col. 12, lines 36-57). 

Regarding claim 14, the modified invention of Yu and Dulude is relied upon as 
applied to claim 12, and Yu further teaches that 
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said person identification certificate authority acquires a template serving as 
person identification data of said person requesting the person identification certificate 
to be issued (col. 9, lines 54-63). 

But Yu does not explicitly explain that said person identification certificate 
authority verifies the identification of a person requesting a person identification 
certificate to be issued and that said person identification certificate authority generates 
a person identification certificate storing template information including said template. 

However, Dulude teaches an authentication system wherein said person 
identification certificate authority verifies the identification of a person requesting a 
person identification certificate to be issued (col. 5, lines 15-25) and wherein a person 
identification certificate authority (registration authority 34) generates a person 
identification certificate (biometric certificate 68) storing template information 
(registration biometric data 20) including said template (Fig. 2; col. 4, lines 55-65) for the 
purpose of facilitating increased security and accuracy in the authentication of electronic 
transactions by binding the biometric identification of consumers with digital certificates 
(col. 3, lines 28-34). 

Therefore, it would be obvious to a person of ordinary skill in the computer art at 
the time the invention was made to modify the modified invention of Yu and Dulude as 
applied to claim 12 with the further teaching of Dulude such that said person 
identification certificate authority verifies the identification of a person requesting a 
person identification certificate to be issued and that said person identification certificate 
authority generates a person identification certificate storing template information 
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including said template. One would be motivated to do so in order to facilitate increased 
security and accuracy in the authentication of electronic transactions by binding the 
biometric identification of consumers with digital certificates. 

Regarding claim 20, the modified invention of Yu and Dulude is relied upon as 
applied to claim 12, and Yu further teaches that said template is composed of any one 
of: biometric information of a person; non-biometric information; any combination of 
two or more of said biometric information and said non-biometric information; and a 
combination of any of said information and a password (biometric data; col. 9, lines 54- 
67, and col. 10, lines 61 -67). 

Regarding claims 29-31, this is a method version of the claimed system 
discussed above (claims 12-14), wherein all claim limitations have been addressed. 
Thus, for the reasons provided above, such claims also would have been obvious. 

Response to Arguments 

10. Applicant is thanked for pointing out the obvious typographical errors in the 
previous office action, specifically in referring to the "Dulude" reference as "Duluth." It is 
agreed that the cited reference is "Dulude," whereas "Duluth" is well-known in the art to 
be the home of the largest seaport in the great state of Minnesota. 

1 1 . Applicant's arguments filed 28 September 2005 have been fully considered but 
they are not persuasive. 
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The grounds of rejection regarding the independent claims have been modified in 
view of Applicant's amendments to the claims. 

In response to applicant's arguments against the references individually, one 
cannot show nonobviousness by attacking references individually where the rejections 
are based on combinations of references. See In re Keller, 642 F.2d 413, 208 
USPQ 871 (CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 
1986). 

In response to applicant's argument that there is no suggestion to combine the 
references, the examiner recognizes that obviousness can only be established by 
combining or modifying the teachings of the prior art to produce the claimed invention 
where there is some teaching, suggestion, or motivation to do so found either in the 
references themselves or in the knowledge generally available to one of ordinary skill in 
the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988)and In re 
Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). In this case, the motivation 
stated in the office action is merely a rephrasing of the motivation stated in the Hughes 
reference. One skilled in the art at the time the invention was made would clearly 
recognize the motivation to incorporate Hughes' archiving functionality into Dulude's 
invention based upon the reasons stated in the cited paragraph of Hughes. 



Conclusion 
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12. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

1 3. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Matthew E. Heneghan, whose telephone number is 
(571 ) 272-3834. The examiner can normally be reached on Monday-Friday from 8:30 
AM - 4:30 PM Eastern Time. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory Morse, can be reached at (571) 272-3838. 

Any response to this action should be mailed to: 

Commissioner of Patents and Trademarks 
P.O. Box 1450 
Alexandria, VA 22313-1450 
Or faxed to: 

(571)273-3800 
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Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is (571 ) 272- 
2100. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 




December 16, 2005 




